Con un WRT54GL y OpenWRT se puede hacer un enrutador para segmentar redes. A continuación se muestra un ejemplo en el cual el enrutador es el Linksys.
Se debe tener en cuenta que en el Servidor las rutas deben estar definidas al estilo:
# Static routes on the server: every segmented /24 behind the router is
# reached through 10.0.0.51, the address the router's 'wan' interface uses
# in /etc/config/network. 10.0.3.0/24 is not directly attached to the router;
# the router forwards it on through its own 'route' section.
for subnet in 2 3 4 5 6; do
    route add -net "10.0.${subnet}.0" netmask 255.255.255.0 gw 10.0.0.51
done
Firmware openwrt-wrt54g-squashfs-2.6.bin openwrt-wrt54g-squashfs.bin
Convenciones
/etc/config/network
Descargar network
# /etc/config/network for the segmenting router.
# Each switch port is placed in its own VLAN, and each VLAN is exposed as a
# separate eth0.N interface with its own /24, so the segments only meet at
# the router, where the firewall decides what may cross.

# Switch VLAN map: one front port per VLAN, plus port 5 on every VLAN.
# NOTE(review): port 5 is presumably the CPU port and '*' its default-VLAN
# marker on this hardware; verify against the switch documentation for the
# firmware build in use.
config 'switch' 'eth0'
option 'vlan0' '3 5*'
option 'vlan1' '4 5'
option 'vlan2' '2 5*'
option 'vlan3' '1 5*'
option 'vlan4' '0 5*'
# Loopback interface.
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
# Segment lan1: VLAN 0 (eth0.0), router address 10.0.2.1/24.
# NOTE(review): 'peerdns' and 'defaultroute' are normally DHCP/PPP options;
# with 'proto static' they presumably have no effect. The same applies to
# lan2, lan3 and lan4 below.
config 'interface' 'lan1'
option 'ifname' 'eth0.0'
option 'proto' 'static'
option 'ipaddr' '10.0.2.1'
option 'netmask' '255.255.255.0'
option 'peerdns' '0'
option 'defaultroute' '1'
# Segment lan2: VLAN 2 (eth0.2), router address 10.0.4.1/24.
config 'interface' 'lan2'
option 'ifname' 'eth0.2'
option 'proto' 'static'
option 'ipaddr' '10.0.4.1'
option 'netmask' '255.255.255.0'
option 'peerdns' '0'
option 'defaultroute' '1'
# Segment lan3: VLAN 3 (eth0.3), router address 10.0.5.1/24.
# The 'route' section at the end sends 10.0.3.0/24 out through this segment.
config 'interface' 'lan3'
option 'ifname' 'eth0.3'
option 'proto' 'static'
option 'ipaddr' '10.0.5.1'
option 'netmask' '255.255.255.0'
option 'peerdns' '0'
option 'defaultroute' '1'
# Segment lan4: VLAN 4 (eth0.4), router address 10.0.6.1/24.
# This is the only segment declared as a bridge.
# NOTE(review): the reason is not shown in this file (possibly so the
# wireless interface can join this segment). If so, wireless clients share
# the 10.0.6.0/24 trust level; confirm against /etc/config/wireless.
config 'interface' 'lan4'
option 'type' 'bridge'
option 'ifname' 'eth0.4'
option 'proto' 'static'
option 'ipaddr' '10.0.6.1'
option 'netmask' '255.255.255.0'
option 'peerdns' '0'
option 'defaultroute' '1'
# Uplink: VLAN 1 (eth0.1), static address 10.0.0.51/24.
# 10.0.0.201 is both the default gateway and the DNS server, and 10.0.0.51 is
# the next hop used by the static routes configured on the server.
config 'interface' 'wan'
option 'ifname' 'eth0.1'
option 'proto' 'static'
option 'ipaddr' '10.0.0.51'
option 'gateway' '10.0.0.201'
option 'netmask' '255.255.255.0'
option 'dns' '10.0.0.201'
# Static route: 10.0.3.0/24 is not attached to this router; it is reached via
# 10.0.5.2, a second router or host on the lan3 segment.
# NOTE(review): traffic for 10.0.3.0/24 is filtered as part of the lan3 zone
# here; any separation between 10.0.3.0/24 and 10.0.5.0/24 has to be enforced
# on 10.0.5.2 itself.
config 'route'
option 'interface' 'lan3'
option 'target' '10.0.3.0'
option 'netmask' '255.255.255.0'
option 'gateway' '10.0.5.2'
/etc/config/firewall
Descargar firewall
# /etc/config/firewall for the segmenting router: one zone per interface
# declared in /etc/config/network.
# NOTE(review): no zone carries an 'option network'; presumably each zone
# binds to the interface with the same name. Confirm for the firewall
# package version in use, because a zone bound to nothing filters nothing.

# Global policy. 'forward REJECT' is what provides the segmentation: traffic
# crossing from one zone to another is rejected unless a 'forwarding' or
# 'rule' section below allows it. No section in this file forwards between
# two lanN zones.
# NOTE(review): 'input ACCEPT' here and in every zone lets any host on any
# segment, and on the uplink, connect to services running on the router
# itself, including its administration services. Consider 'input REJECT'
# plus explicit rules for the services each segment really needs.
config Defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Zones lan1..lan4: one per segment.
# NOTE(review): the zone-level 'forward ACCEPT' presumably only governs
# traffic between interfaces inside the same zone, not between zones; verify
# for this firewall version, since the isolation depends on it.
config zone
option name lan1
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name lan2
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name lan3
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name lan4
option input ACCEPT
option output ACCEPT
option forward ACCEPT
# Uplink zone. 'masq 1' source-NATs traffic leaving through wan, so hosts on
# 10.0.0.0/24 see connections from the segments as coming from the router's
# wan address. 'mtu_fix 1' enables MSS clamping.
# NOTE(review): with masquerading on, upstream logs will not show which
# segment host opened a connection; keep it only if that loss of attribution
# is acceptable, given that the server already has routes to every segment.
config zone
option name wan
option input ACCEPT
option output ACCEPT
option forward ACCEPT
option masq 1
option mtu_fix 1
# lan1: may open connections towards wan; from wan, only source address
# 10.0.0.201 (the gateway/DNS address in the network config) may reach lan1.
# NOTE(review): the rule matches on source IP only, with no protocol or port,
# so everything from that address is forwarded, and it is only as
# trustworthy as address assignment on 10.0.0.0/24. Narrow it to the
# protocols and ports the server actually needs. The same applies to the
# equivalent rules for lan2, lan3 and lan4 below.
config forwarding
option src lan1
option dest wan
config rule
option src wan
option src_ip 10.0.0.201
option dest lan1
option target ACCEPT
# lan2: same pattern as lan1.
config forwarding
option src lan2
option dest wan
config rule
option src wan
option src_ip 10.0.0.201
option dest lan2
option target ACCEPT
# lan3: same pattern as lan1.
config forwarding
option src lan3
option dest wan
config rule
option src wan
option src_ip 10.0.0.201
option dest lan3
option target ACCEPT
# lan4: same pattern as lan1.
config forwarding
option src lan4
option dest wan
config rule
option src wan
option src_ip 10.0.0.201
option dest lan4
option target ACCEPT
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
# NOTE(review): UDP 68 is the DHCP client port, but wan uses 'proto static'
# in the network config and the wan zone already has 'input ACCEPT', so this
# rule appears redundant here. Keep it if wan input is tightened and DHCP is
# used on the uplink.
config rule
option src wan
option proto udp
option dest_port 68
option target ACCEPT
# include a file with users custom iptables rules
# NOTE(review): the contents of /etc/firewall.user are not shown; rules there
# can override the isolation configured above, so review that file too.
config include
option path /etc/firewall.user
